ACE web user interface configuration

Creating username and password for Web User Interface for Integration Node in IBM App Connect Enterprise[ACE] using command line or using node.conf.yaml file [FILE BASED]

This blog explains step by step process of creating username and password for ACE web user interface. These steps will be slightly different from the earlier version of ACE i.e. IIB because of the introduction of node level config files.

For this blog, I will be creating an Integration Node[earlier was known as Broker] by name ACE_IN01 which has an Integration Server[earlier was known as Execution Group] DEV_IS_01.

The below steps are executed in Windows environment so please make sure you change the absolute/relative paths if you are working on Linux or any other environment.

Also I have not tied MQ to Integration Node. The below steps are executed without MQ linked to Integration Node.

The blog does not cover user and groups creations as well. It is assumed that the required users/groups are already available

====================================================

Optional Steps [Can be skipped if you already have Integration Node and Integration Servers created]

====================================================

• Create an Integration Node using mqsicreatebrokercommand

                     mqsicreatebroker ACE_IN01

                        

• Start the integration node using mqsistart command

                     mqsistart ACE_IN01

                      

• Create Integration Server using mqsicreateexecutiongroup command

                  mqsicreateexecutiongroup ACE_IN01 -e DEV_IS_01

                  

There are two ways to create user name and passwords for Web User Interface. 

- via command line
- via node.conf.yaml config file.

====================================================

Steps for creating username and passwords for Web User Interface using command line

====================================================

• Step 1: First lets check for the properties of Rest Admin Listener using mqsireportproperties command

          mqsireportproperties ACE_IN01 -b webadmin -o RestAdminListener -r

               

• Step 2: Enable the basicAuth and authorizationEnabled parameters to true.

            mqsichangeproperties ACE_IN01 -b webadmin -o RestAdminListener -n basicAuth,authorizationEnabled -v true,true

         

• Step 3:Provide the permissions based on the role selected. Here I am using aceAdmin as the role for which full permissions are being granted.The second commands provides access to navigate to Integration Server and perform actions accordingly.

         mqsichangefileauth ACE_IN01 -r aceAdmin -p all+

           mqsichangefileauth ACE_IN01 -e DEV_IS_01 -r aceAdmin -p all+

             

• Step 4 :Check for the role and permissions that has been granted using the below command

        mqsireportfileauth ACE_IN01 -l

           

• Step 5 :Create a user with user name as aceUser and password as passw0rd 

          mqsiwebuseradmin ACE_IN01 -c -u aceUser -a passw0rd -r aceAdmin

         

• Step 6: Stop and start the integration node

         mqsistop ACE_IN01
          mqsistart ACE_IN01

           

• Step 7: You can verify the node.conf.yaml file to see if the changes that has been done via command line is reflecting in the config file. To do so    navigate to C:\ProgramData\IBM\MQSI\components\<NodeName> in this case it is C:\ProgramData\IBM\MQSI\components\ACE_IN01. You will observer node.conf.yaml file. Since the commands have been executed after creation of broker and override file for the same will be generated which will have the values. To view the override file, go to overrides folder present in the same location C:\ProgramData\IBM\MQSI\components\ACE_IN01 and open the node.conf.yaml file to view the properties. The values that you have set using the above steps should be reflected in this file.
• For Linux servers, look at the path  /var/mqsi/components/ACE_IN01.

                        

• Step 8:Open the web user interface https://<hostname>:<weblistenerport>. In my case the URL is https://localhost:4418. If you are not sure of the port number details execute the below command and find out the port number.

        mqsireportproperties ACE_IN01 -b webadmin -o RestAdminListener -r

           

• Step 9:Login with the username and password that was set using mqsiwebuseradmin. In this case user name is aceUser and password is passw0rd.

                      

• Step 10:You should be able to view the server details and should not get any authorization error.

====================================================

Steps for creating username and passwords for Web User Interface using node.conf.yaml file

====================================================

• Step 1: First lets check for the properties of Rest Admin Listener using by navigating to "C:\ProgramData\IBM\MQSI\components\ACE_IN01". You can see node.conf.yaml file. Alternatively you can also see overrides directory in the same location which again contains the same node.conf.yaml. For this part, we will be working on node.conf.yaml file under ACE_IN01 directory. the node.conf.yaml under overrides directory will only contain values that has been updated via command line.In the below image, look at the highlighted fields which we will be changing in the below steps directly in config file for logging into web user interface with user name and password with necessary permissions.
• For Linux servers, look at the path  /var/mqsi/components/ACE_IN01.

                    

                    

• Step 2: Un-comment the basicAuth field at line number 57 to enable basic authorization.
• Next un-comment the authorizationEnabled field at line number 62 and change the value to true.
• Lastly un-comment the authorizationMode at line number 63 and finally save the node.config.yaml file.

              

• Step 3:Now coming to providing permissions to the rule.

1. Un-comment the field adminRole under Node-> Permissions section, replace the value of adminRole with aceAdmin at line number 79.
2. Un-comment the field adminRole under Node->DataPermissions section, replace the value of adminRole with aceAdmin at line number 87.
3. Un-comment lines 91, 92, 94, 95, 101.
4. At line number 91, replace server01 with the Integration server name which you have created. In this case it is DEV_IS_01.
5. Repeat the same process for the Server level permissions by uncommenting the adminRole fields at line number 94 and 101 and replacing it with aceAdmin and save the file

                        

• Step 4 :Create a user with user name as aceUser and password as passw0rd 

                            mqsiwebuseradmin ACE_IN01 -c -u aceUser -a passw0rd -r aceAdmin

• Step 5: Stop and start the integration node

              mqsistop ACE_IN01
                mqsistart ACE_IN01

• Step 6:Open the web user interface https://<hostname>:<weblistenerport>. In my case the URL is https://localhost:4418. 

• Step 7:Login with the username and password that was set using mqsiwebuseradmin. In this case user name is aceUser and password is passw0rd.

                       

• Step 8:You should be able to view the server details and should not get any authorization error.